For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_Miller's avatar
Chris_Miller
Icon for Altostratus rankAltostratus
Aug 12, 2010

Limit Access to URI to HTTPS and IP

I'm interested in the best way to do this. I want to limit access to the URI "/sample" to users from IP 1.1.1.1 while also only allowing said access to be HTTPS. If someone tries hitting it over HTTP...
application delivery
dev
devops
iRules
naladar_65658's avatar
naladar_65658
Icon for Altostratus rankAltostratus
Aug 12, 2010
Sorry I meant to comment on this earlier Chris, I just didn't get a chance. If I were going to tackle this I would plan on future expansion and changes. That would be easy to do using datagroups I think. I know it is different in version 10.x, but in 9.4 I would create one datagroup called "valid_uri", put /sample in it and/or /sample/

Then create another data group called "valid_addresses" that you can plug your 1.1.1.1 in to. Using the iRule below, it would check to see if the URI matches, if the address is coming from the valid address if the port is NOT 443, drop that request. Not real elegant looking, but it would definitely be able to be expanded in the future. You may have to check the iRule for bracket issues, I don't have a BIG-IP in front of me at the moment to test compile....


when HTTP_REQUEST {
set header_uri [string tolower [HTTP::uri]]
if { ([matchclass $header_uri starts_with $::valid_uri]) && ([matchclass [IP::client_addr] equals $::valid_addresses]) && not ([matchclass [TCP::local_port] equals 443])} {
    discard
}
}